Mez,
I can't think of a better categorization, so +1 from me for the categories
below.
Regards,
Tim Hahn
IBM Distinguished Engineer
Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Durham/IBM@IBMUS
phone: 919.224.1565 tie-line: 8/687.1565
fax: 919.224.2530
"Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>
Sent by: public-wsc-wg-request@w3.org
06/08/07 04:28 PM
To
"Shawn Duffy <Shawn.Duffy"
cc
Web Security Context WG <public-wsc-wg@w3.org>
Subject
Re: Recommendations Draft
Now that I've made it through the proposals that make up the bulk of the
draft, I'd like to propose a further categorization of the proposals:
1. Primary Security Context Indicators
Proposals centering on what is displayed as SCI (and not) would go here.
Site identifying images in chrome, "what is a secure page" (when it gets
put into template form - Yngve, have you done that yet?), secure internet
letterhead, TrustMe, UrlRecommendation, IdentitySignal - recommendations,
good practices, and antipatterns around the SCI that appear without user
interaction, in the normal task flow, would appear here.
2. Secondary Security Context Indicators
Proposals centering around other forms of SCI - security protocol error
presentation, page info summary, EV certs (I think), maybe parts of
IdentitySignal (is hoverover primary or secondary?), revisiting past
decisions would go here.
3. SCI Robustness
Techniques to make the SCI (and chrome) robust against attacks (including
spoofing). Trusted browser component (including the personalization
aspect), and all the discussions of robustness we've had from the various
browsers would go here.
4. Minimizing Trust Decisions
Techniques to do away with some of the trust decisions users need to make
today. PIIEditorBar, SBM, maybe browser lock down (I haven't read it yet)
Reactions and thoughts, both on beginning to form some large grained
categories within our proposal, and on these as the current categories?
Mez
Shawn Duffy <Shawn.Duffy@corp.aol.com>
Sent by: public-wsc-wg-request@w3.org
05/30/2007 05:30 AM
To
Web Security Context WG <public-wsc-wg@w3.org>
cc
Subject
Recommendations Draft
This is a rough, rough first draft of the Recommendations:
http://www.w3.org/2006/WSC/drafts/rec/
This is based on the recommendations that were drafted using Tyler's
template in the Wiki. Not every one used the template in an identical
manner so not every section is consistent with the rest. I'm sure we
will continue to massage the format.
If I am missing anyone's recommendations, let me know...
Thanks,
Shawn
--
shawn duffy - shawn.duffy@corp.aol.com
senior technical security engineer | aol it security
703.265.8273 | AIM: ShawnDuffy1